This website uses cookies for your convenience.

Please refer to our Cookie Policy
Check In 15:00 / Check Out 11:00

GDPR Privacy Policy

1. Basic Policy

Beach Hotel Sunshine Ishigakijima (hereafter referred to as “the Hotel”), recognizes that protecting the privacy of our customers and their personal information is the basis of the Hotel’s business and one of the Hotel’s social responsibilities. In order to responsibly protect our customers’ personal information, the Hotel has established the personal information protection policy set forth below. In this GDPR Privacy Policy (hereafter referred to collectively as “Privacy Policy”) the Hotel has established an in-house system and strategies for protecting personal information (hereafter referred to collectively as “Personal Information”) set forth in the General Data Protection Regulation (hereafter referred to as “GDPR”), which it is committed to implementing, maintaining, and continuously improving. The Hotel’s Personal Information protection system and activities are designed to comply with all relevant legislation and in-house rules, and to be worthy of our customers’ confidence.

2. Obtaining personal information from customers

2-1. Obtaining personal information

In the course of providing services to our customers, the Hotel may obtain from customers such Personal Information as their name, address, and contact information. When obtaining Personal Information from customers, only the necessary information will be obtained, and the purpose and extent of the utilization of the information will be clearly explained.

2-2. How information is obtained

Personal Information is obtained by the following means in the course of customer transactions with the Hotel, related to Hotel facilities or products (such as accommodation, banquet, or bar/restaurant facilities, product sales, the provision/sale of amenities, the provision of services, and the holding of events) and other transactions.

(1) Directly from the customer
By telephone, in writing, from business cards, verbally, or over the Internet.
(2) From a person duly authorized by the customer
Such authorized persons may include those authorized to make a reservation on behalf of a customer or to introduce a customer, travel agencies, and package tour companies.
(3) From published information
Newspapers, Internet, telephone books, publications, and other written materials.

2-3. Types of personal information obtained by the Hotel

The personal information obtained by the Hotel may include the following information:

(1) Customer’s basic information (home address, name, gender, date of birth, email address, telephone number, facsimile number, mailing address, etc.)
(2) Customer’s additional information (occupation, place of work (company name), address, telephone number, post, position), date of marriage, family (name, relationship, birthdate), etc.)
(3) Payment information (credit card number, bank account, billing address, etc.)
(4) Service usage information (usage status of facilities, purchase status of goods, etc.)
(5) Contents of contact (email, input form of the website, facsimile, note made during a telephone call, letter, answer for surveys, etc.)
(6) Information obtained by the security system (security camera, card key, etc.)
(7) Information automatically obtained by websites of the Hotel (cookie, IP address, browser type, date and time of access, etc.)
(8) Matters included in the hotel register (home address, name, occupation, passport number, age, previous night’s accommodation, next destination, arrival date and time, departure date and time, name of guest rooms)
(9) Customer requirements regarding guest rooms, leisure activities, and other services, information required to fulfill special requirements
(10) Information required by administrative instructions, bylaws or ordinances

2-4. Right to refuse to provide personal information

The Hotel does not compel customers to provide Personal Information. At all times, the customer has the right to choose whether or not to provide Personal Information to the Hotel. However, in the event that a customer refuses to provide (1) his/her basic information, (3) payment information, and (8) matters included in the hotel register mentioned above in 2-3, it may not be possible to provide certain services, such as making reservations and using the hotel.

2-5. Obtaining information from minors

The Hotel does not aim or intend to obtain Personal Information directly from minors. In the event that a minor provides the Hotel with Personal Information about the minor or the minor’s family without the agreement of the minor’s parents, please contact a Hotel representative. The Hotel will immediately cease use of the Personal Information and take any necessary action, including deletion of the Personal Information, in good faith. However, if a minor wishes to use the facilities of the Hotel, and provides Personal Information about himself/herself for that purpose, the Hotel shall handle said Personal Information in accordance with this Privacy Policy.

2-6. Sensitive Data

The Hotel will not obtain customer’s Sensitive Data (racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership) and data related to criminal offences unless otherwise referred to in GDPR.

3.Consent

3-1. Consent

The consent of the customer will, as a rule, be the legal basis of the processing of Personal Information by the Hotel (hereafter referred to as “Processing”). Necessity for the performance of a contract to which the customer is party to, necessity in order to take steps at the request of the customer prior to entering into a contract, necessity for the purposes of the legitimate interests pursued by the Hotel or by a third party, or necessity for compliance with a legal obligation to which the Hotel is subject will be the legal basis of Processing without such consent.

3-2. Withdrawal of consent

Customers may withdraw his/her consent at any time. The withdrawal of consent will not affect the lawfulness of Processing based on consent before its withdrawal. The information subject may withdraw his/her consent by using the Hotel’s website form or by contacting a Hotel representative of Personal Information.

4. Use of customer Personal Information

4-1. Purposes for which Personal Information is used

The Hotel uses customer’s Personal Information only for the purpose(s) and within the scope made clear to the customer. The Hotel makes absolutely no use of Personal Information for other purposes or beyond the indicated scope.

4-2. Types of Personal Information obtained by the Hotel and purposes of use

The Personal Information obtained by the Hotel is used for the following purposes:

(1) Making contact, shipment, and payment related to transactions regarding Hotel facilities such as hotels, restaurants, and leisure facilities, and Hotel’s goods, and other transactions.
(2) Joining various Hotel membership organizations, managing membership information, providing membership service, etc.
(3) Corresponding to inquiries and requirements made to Hotel.
(4) Providing email, mail, home delivery, telephone, facsimile, and other contact for guidance, advertising, or surveys regarding the operation of Hotel facilities, tenants, and partners.
(5) Ascertaining and analyzing services regarding facilities and goods of Hotel facilities, tenants, and partners for the purpose of improvement, development, and marketing, etc. of such services.
(6) Preparing and keeping the hotel register required by law.
(7) Providing services from the Hotel based on individual customer requirements.
(8) Providing information related to products and services provided by the Hotel and trustworthy third parties.
(9) Improving Hotel services on the basis of customer needs.
The provision of various types of information in the above cases is by such means as direct contact with the customer, direct mailings, or email.
When information is to be used for purposes other than the above, the purpose and limits of the proposed use are made clear to the customer prior to the acquisition or use of the personal information and is only obtained or used with the consent of the customer.

4-3. Use of cookies

Cookies are a widely used technology on the Internet for identifying a customer’s computer. For purposes listed in 4-2, and also purposes of providing information appropriately and ensuring security at websites, and statistically analyzing maintenance management and usage status of websites, Hotel services may use information identifying the customer such as IP address, browser type, date and time of access, etc. combined with information on pages browsed by the customer, which is collected using cookies. Customers can disable cookies by changing their browser settings, but this may result in an inability to access some or all of the services provided on the website.

5. Provision to third parties and joint use of personal information

5-1. Limits to provision of information to third parties and joint use of information

Unless referred to in GDPR, when providing customer's Personal Information to third parties or engaging in the joint use of such information, the Hotel will obtain consent of the customer. In this case, the Hotel will considerate the choice of above mentioned third parties and joint users, and require them to manage the above mentioned information appropriately by complying with GDPR etc. as if it were the Hotel.

5-2. Monitoring of subcontractors

When using customer’s Personal Information, the Hotel may subcontract such information to a third party to the extent of legitimate use. The Hotel will require subcontractors to strictly manage Personal Information as if it were the Hotel, and ensure necessary and appropriate monitoring of subcontractors, and where using Personal Information, the Hotel will comply with the security of such information by entering into a contract which includes matters which must be stated in accordance to GDPR with subcontractors.

5-3. Scope and purposes of joint use of Personal Information

The Hotel may jointly use Personal Information with other companies within the approved scope of use. As a rule, jointly used Personal Information includes the following:

(1) Customer’s basic information (home address, name, gender, date of birth, email address, telephone number, facsimile number, mailing address etc.)
(2) Customer’s additional information (occupation, place of work (company name), address, telephone number, post, position), date of marriage, family (name, relationship, birthdate) etc.)
(3) Payment information (credit card number, bank account, billing address etc.)
(4) Service usage information (usage status of facilities, purchase status of goods etc.)
(5) Contents of contact (email, input form of the website, facsimile, note made during a telephone call, letter, answer for surveys etc.)
(6) Information obtained by the security system (security camera, card key etc.)
(7) Information automatically obtained by websites of the Hotel (cookie, IP address, browser type, date and time of access etc.)
(8) Matters included in the hotel register (home address, name, occupation, passport number, age, previous night’s accommodation, next destination, arrival date and time, departure date and time, name of guest rooms)
(9) Customer requirements regarding guest rooms, leisure activities, and other services, information required to fulfill special requirements
(10) Information required by administrative instructions, bylaws or ordinances

5-4. Subcontractors and joint users

(1) When subcontracting the Processing of Personal Information wholly or partly, such subcontractor.
(2) Partners and subcontractors of business which provides goods and service, etc. to customers such as accommodation, food and drink, bridal work, leisure activity, and massage, etc.
(3) Management companies of facilities, equipment, and system, and cooperative companies and tenants and lessees of Hotel facilities.
(4) Travel agencies, tourism industries, event planning companies, in-house agents, carriers and other clients of relevant business.
(5) Enterprises and professionals which gives professional advice regarding management and operation, etc.
(6) Other clients, partners, and mediators of the Hotel.
(7) When jointly using Personal Information, joint user of such information.
(8) When providing Personal Information based on law, etc., the recipient of such information.

6. Handling of personal information

6-1. Maintenance of accurate Personal Information

The Hotel employs appropriate measures to ensure that customer Personal Information is kept accurate and up-to-date.

6-2. Storage period of Personal Information

The Hotel will only store the Personal Information for the period necessary for the achievement of the purpose of use, and within a reasonable period after the expiration of the storage period, safely erase or anonymize the Personal Information.

6-3. Automated means

The Hotel will not make decisions only on automated means such as profiling of Personal Information.

6-4. Customers' rights to the Personal Information

Customers have the following rights based on GDPR, etc. Customers may exercise such rights by using the Hotel's website form or contacting a Hotel representative of Personal Information. In cases where a customer exercises such rights, except on exceptions stated in GDPR, etc., the Hotel will conduct an identity verification, and as a rule, contact such customer within one month after receiving the request.

(1) Right of access
Right to obtain confirmation as to whether or not his/her Personal Information are being processed, and, where that is the case, access to such Personal Information and additional information added thereto
(2) Right to rectification
Right to request rectification of his/her inaccurate Personal Information
(3) Right to erasure
Right to erasure regarding the use of Personal Information in certain cases
(4) Right to restrict the use
Right to request a restriction regarding the use of Personal Information in certain cases
(5) Right to lodge a complaint
Right to lodge a complaint regarding the use of customer's Personal Information based on Legitimate interests pursued by the Hotel or by a third party
(6) Right to data portability
Right to receive Personal Information concerning him/her, which he/she has provided to the Hotel, in a structured, commonly used and machine-readable format and the right to transmit such information to another controller without hindrance from the Hotel.

6-5. Lodging a complaint with supervisory authorities

Customers may lodge a complaint with a country, territory, international organization, or other supervisory authorities regarding the Processing by the Hotel of his/her Personal Information.

7. Transfers of Personal Information to third countries

When the transfer of Personal Information is necessary for the performance of a contract between the customer and the Hotel or the implementation of pre-contractual measures taken at the customer's request, the Hotel may transfer Personal Information obtained within the EU to Singapore, Thailand, or Japan. In case of transfer to a country which lacks an adequacy decision by the European Commission, the Hotel will take measures of the standard data protection to lawfully transfer customer's Personal Information.

8. Secure management of Personal Information

8-1. Compliance with relevant legislation, regulations, and guidelines

The Hotel complies with the GDPR as well as other relevant laws, regulations, and industry guidelines.

8-2. Security measures

The Hotel makes every effort to protect customer Personal Information with preventive and security measures to protect against unauthorized access, loss, destruction, tampering, and leaks.

8-3. Organizational system

The Hotel has an organizational system in place for the protection of Personal Information within the Hotel, which includes a Personal Information Protection Officer for the Hotel as a whole and a Personal Information Management Officer for each division. The system also includes an audit department for the implementation of internal audits.

8-4. In-house rules for the handling and management of personal information

The Hotel has established rules for the handling of Personal Information, to ensure that standards for the appropriate acquisition, maintenance, use, and disposal of Personal Information are established and adhered to. The Hotel has also defined a code of conduct and concrete rules for the activities of those handling Personal Information, to prevent unauthorized access, loss, destruction, tampering and leaking of Personal Information.

8-5. In-house training

The Hotel implements staff training in relation to the protection of Personal Information and works to protect Personal Information by ensuring that the content of the training is thoroughly understood throughout the Hotel.

8-6. Continuous review of in-house rules relating to the handling and management of personal information

The Hotel continually reviews and improves its rules for the handling of Personal Information and the organizational system for implementing those rules, to ensure that their implementation continues to be effective and appropriate.

9. Revision and publication of this policy

This Personal Information Protection Policy is subject to revision at any time to respond to revisions and changes in related laws and regulations and to social needs related to Personal Information. Any revisions are published on this website without delay and the most recent revision date is clearly shown.

Contact for inquiries and complaints

The Hotel has established a center for responding to customer inquiries and complaints about the personal information obtained and held by the Hotel. This center responds conscientiously, efficiently, and in the appropriate scope to such inquiries/complaints after confirming the identity of the customer or the customer’s representative. Depending on the request, the response may require several days.

Email address: info@ishigakijima-sunshine.net

Noriko Akagi, President and CEO
Beach Hotel Sunshine Ishigakijima
Enacted: February 24th, 2021